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IN THE CLAIMS : 

Claims 1, 21, 23, and 24 have been amended. New Claims 29 and 30 have been 
introduced into the application. Please note that all claims currently pending and under 
consideration in the referenced application are shown below. Please enter these claims as 
amended. This listing of claims will replace all prior versions and listings of claims in the 
application. 

Listing of Claims : 

1. (Currently amended) A system for the authentication by a card-issuing financial 
institution of identifying information of a card-holding user of a public data network, 
the system comprising: 

a secure data entry device comprising a discrete device with a data transmission 

output connected to the public data network; and 



a gateway device connected to the public data network and to a private data 
network used for transmitting messages between financial institutions; 

wherein the secure data entry device comprises means for the user to enter 
identifying information of a card issued by the financial institution, means for the user to 
enter the user's Personal Identification Number ("PIN"), means for encrypting the 
identifying information and PIN for secures transmission, and means for transmitting the 
encrypted identifying information and PIN in a secure manner via the data transmission 
output over the public data network to the gateway device; and 

wherein the gateway device includes means for transmitting the identifying 
information to the card-issuing financial institution and for receiving an approval 
response from the card-issuing financial institution over the private data network; and 

whereby the approval response provides authentication of the identifying 
information by the card-issuing financial institution. 

2. (Original) The system of claim 1 wherein the public data network is the Internet. 
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3. (Previously presented) The system of claim 1 wherein the secure data entry 
device is connected to the public data network via a personal computer. 

4. (Previously presented) The system of claim 1 wherein the private data network is 
an inter-bank network used for the transferral of electronic transaction data. 

5. (Original) The system of claim 4 wherein the private data network is provided via 
a dedicated network operated for the sole purpose of conducting electronic financial 
transactions. 

6. (Original) The system of claim 4 wherein the private data network is a virtual 
private network operated for the purpose of conducting electronic financial 
transactions via a host of public data network. 

7. (Previously presented) The system of claim 1 wherein the secure data entry 
device further includes: a card reader for reading relevant information stored on the 
user's card; and a keypad to enable the user to enter data into the system. 

8. (Original) The system of claim 7 wherein the card reader is able to read one or 
both of ISO 7816 'smart card' or ISO 781 1 'mag stripe' type cards. 

9. (Canceled). 

10. (Previously presented) The system of claim 1 wherein said identifying 
information includes one or more of: 

the Primary Account Number associated with the card; 
the expiry date of the card; and 

the user's Personal Identification Number associated with the card. 

11. (Previously presented) The system of claim 1 wherein the identifying information 
is transmitted using a standard transaction message format compliant to ISO 8583. 
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12. (Original) The system of claim 11 wherein the ISO 8583 message used is one of 
an V 020(T financial presentment message, and or an "0104" authorization message. 

13. (Previously presented) The system of claim 1 wherein the gateway device also 
includes means for transmitting the approval response to the secure data entry device. 

14. (Original) The system of claim 13 wherein the secure data entry device further 
includes means for deriving from the approval response verifiable proof that the 
customer's identifying information has been authenticated by the card-issuing 
financial institution. 

15. (Original) The system of claim 14 wherein said proof is an authentication data 
block, consisting of data computed in a secure manner from the approval sent from 
the card-issuing bank. 

16. (Original) The system of claim 15 wherein the data block is a whole or truncated 
encryption of the approval message derived using an encryption key stored securely 
within the secure data entry device. 

17. (Previously presented) The system of claim 1 wherein the gateway device further 
includes means to generate a replacement card number upon receipt of the approval 
response from the card-issuing institution. 

18. (Original) The system of claim 17 wherein the replacement card number is 
transmitted to the secure data entry device over the public data network. 

19. (Previously presented) The system of claim 17 wherein the replacement card 
number is generated dynamically for use in a single transaction. 

20. (Previously presented) The system of claim 17 wherein the replacement card 

number is maintained and used for multiple transactions. 
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21. (Currently amended) The system of claim 17 wherein supplementary details of a 
transaction are also be- transmitted to the gateway device by the secure data entry 
device, and wherein said supplementary details include one or more of the transaction 
amount and a merchant identification. 

22. (Original) The system of claim 21 wherein said supplementary details are 
transmitted to the gateway device in the transaction message carrying the identifying 
information. 

23. (Currently amended) A system for the authentication by a card-issuing financial 
institution of identifying information of a card-holding user of a public data network, 
the system comprising: 

a secure data entry device connected to the public data network; and 

a gateway device connected to the public data network and to a private data 

network used for transmitting messages between financial institutions; 

wherein the secure data entry device comprises means for the user to enter 

identifying information of a card issued by the financial institution, means for the user to 
enter the user's Personal Identification Number ("PIN"), means for encrypting the 
identifying information and PIN for secures transmission, and means for transmitting the 
encrypted identifying information and PIN in a secure manner via the data transmission 
output over the public data network to the gateway device; and 

wherein the gateway device includes means for transmitting the identifying 

information to the card-issuing financial institution and for receiving an approval 
response from the card-issuing financial institution over the private data network; and 

whereby the approval response provides authentication of the identifying 

information by the card-issuing financial institution; T he system of claim 17 

wherein the gateway device further includes means to generate a replacement card 

number upon receipt of the approval response from the card-issuing institution and 
wherein the Bank Identification Number of the replacement card number may be is 
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selected such that the payment transaction is routed through the gateway device on the 
private data network before being sent to the card-issuing financial institution. 

24. (Currently amended) A system for the authentication by a card-issuing financial 
institution of identifying information of a card-holding user of a public data network, 
the system comprising: 

a secure data entry device connected to the public data network; and 

a gateway device connected to the public data network and to a private data 

network used for transmitting messages between financial institutions; 

wherein the secure data entry device comprises means for the user to enter 

identifying information of a card issued by the financial institution, means for the user to 
enter the user's Personal Identification Number ("PIN"), means for encrypting the 
identifying information and PIN for secures transmission, and means for transmitting the 
encrypted identifying information and PIN in a secure manner via the data transmission 
output over the public data network to the gateway device; and 

wherein the gateway device includes means for transmitting the identifying 

information to the card-issuing financial institution and for receiving an approval 
response from the card-issuing financial institution over the private data network; 

whereby the approval response provides authentication of the identifying 

information by the card-issuing financial institution; 

The system of claim 17 wherein the gateway device further includes means to generate a 
replacement card number upon receipt of the approval response from the card-issuing 
institution and 

wherein the Bank Identification Number of the replacement card number may be 
is_selected such that the payment transaction is directed over the private data network to 
the gateway device by identifying the gateway device as a card-issuing institution of the 
replacement card number. 

25. (Previously presented) The system of claim 17 wherein the gateway device 

further includes: means for receiving payment transaction messages from the private 
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data network; means for modifying received payment transaction messages; and 
means for transmitting said modified payment transaction messages to the card- 
issuing financial institution; whereby the gateway device is able to substitute actual 
card numbers for replacement card numbers before transmitting received payment 
transaction messages to the card-issuing financial institution. 

26. (Previously presented) The system of claim 17 wherein the gateway device 
further includes a database of replacement card numbers including corresponding 
actual card numbers and supplementary transaction details. 

27. (Previously presented) A method for the authentication by a card-issuing 
financial institution of identifying information of a card-holding user of a public data 
network, comprising the steps of: 

providing a secure data entry device comprising a discrete device having a data 
transmission output connected to the public data network; 

providing a gateway device connected to the public data network and to a private 
data network used for transmitting messages between financial institutions; 

the user entering identifying information of a card issued by the card issuing 
financial institution into the secure data entry device; 

the user entering the user's Personal Identification Number (PIN) into the secure 
data entry device; 

encrypting by the secure data entry device the identifying information and PIN for 
their secure transmission; 

transmitting the encrypted identifying information and PIN in a secure manner via 
the data transmission output over the public data network to the gateway device; 
transmitting the identifying information to the card-issuing financial institution; and 

receiving an approval response from the card-issuing financial institution over the 
private data network; 

whereby the approval response provides authentication of the identifying 

information by the card-issuing financial institution. 
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28. (Canceled). 

29. (new) The system for the authentication by a card-issuing financial institution of 
identifying information of a card-holding user of a public data network according to 
Claim 23 wherein said secure data entry device comprises a discrete device with a 
data transmission output connected to the public data network. 

30. (new) The system for the authentication by a card-issuing financial institution of 
identifying information of a card-holding user of a public data network according to 
Claim 24 wherein said secure data entry device comprises a discrete device with a 
data transmission output connected to the public data network. 



